Skip to main content
CVE-2019-3943 HIGH POC This Week

MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mikrotik Routeros
NVD
CVSS 3.1
8.1
EPSS
3.7%
CVE-2019-11071 HIGH PATCH This Week

SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Spip Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
CVE-2019-0279 HIGH This Week

ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Business Application Software Integrated Solution
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-0229 HIGH PATCH This Week

A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Airflow
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-5425 HIGH PATCH This Week

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Ubiquiti Command Injection Edgeswitch X
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-5424 HIGH PATCH This Week

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Ubiquiti Command Injection Edgeswitch X
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-0041 HIGH This Week

On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2019-1003049 HIGH PATCH This Week

Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Jenkins Information Disclosure Openshift Container Platform Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2019-0039 HIGH This Week

If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2019-6287 HIGH PATCH This Week

In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Rancher
NVD
CVSS 3.0
8.1
EPSS
1.0%
CVE-2019-9694 HIGH This Week

Symantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Encryption
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-0032 HIGH This Week

A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Service Insight Service Now
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-6154 HIGH PATCH This Week

A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Lenovo Information Disclosure Bootable Usb
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-11069 HIGH PATCH This Week

Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sequelize
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-0044 HIGH PATCH This Week

Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart (vmcore). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-0043 HIGH This Week

In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0037 HIGH This Week

In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0033 HIGH This Week

A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-0031 HIGH This Week

Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-0028 HIGH This Week

On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote peer that has the graceful restart mechanism. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-0019 HIGH This Week

When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-10946 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-0199 HIGH PATCH This Week

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tomcat Apache
NVD
CVSS 3.0
7.5
EPSS
72.9%
CVE-2019-0283 HIGH This Week

SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Process Integration
NVD
CVSS 3.0
7.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy